License THIS SCRIPT IS PROVIDED TO YOU "AS IS." TO THE EXTENT PERMITTED BY LAW, QUALYS HEREBY DISCLAIMS ALL WARRANTIES AND LIABILITY FOR THE PROVISION OR USE OF THIS SCRIPT. IN NO EVENT SHALL THESE SCRIPTS BE DEEMED TO BE CLOUD SERVICES AS PROVIDED BY QUALYS Log4j Vulnerability Scanner Shell Script: Description: This shell script intends to collect necessary details and help detect CVE-2021-44228 and CVE-2021-45046 vulnerabilities reported in Log4j. The script will scan the entire filesystem, including archives (and nested JARs) for the Java class that indicates the Java application contains a vulnerable Log4j library. This script requires zip/unzip utility to be present on the system for accurate results, else nested jars won't be reported(only 1st level jars would be detected). Once Log4j QID is introduced in Qualys VM signature, the output file generated by this script will serve as a data point to assess and report the QID during agent VM scan. Usage: Supported platforms: RHEL, CentOS, Ubuntu, Debian, Amazon Linux, OEL Supported architectures: x64, ARM How to run the script? 1) Create and save a script (.sh) file using any text editor. 2) Execute the script file using shell script. Use the following command: sh <script-name>.sh Here, <script-name> is actual script name. The following details are shown in the output: Source: Path of pom.xml within a jar file JNDI class found or not found status Path of the jar log4j version The script’s standard output will be redirected to /usr/local/qualys/cloud-agent/log4j_findings.stdout. Any error occurring during its execution is redirected to /usr/local/qualys/cloud-agent/log4j_findings.stderr: This file will also contain command execution start time and status on completing the run. If agent is not installed, script will create a directory named /usr/local/qualys/cloud-agent/ and dump the standard output and error in files within it. However, no status information will be written in the error file if its execution is aborted. Sample output:(/usr/local/qualys/cloud-agent/log4j_findings.stdout) Source: META-INF/maven/org.slf4j/slf4j-log4j12/pom.xml META-INF/maven/log4j/log4j/pom.xml JNDI-Class: JNDI Class Not Found Path= /root/akshata/TestFiles_log4j/TestFiles/kafka-producer-intellij.jar log4j Unknown ------------------------------------------------------------------------ Source: META-INF/maven/org.apache.logging.log4j/log4j-api/pom.xml META-INF/maven/org.apache.logging.log4j/log4j-core/pom.xml JNDI-Class: JNDI Class Found Path= /root/akshata/TestFiles_log4j/TestFiles/ProjWithVulLog4j-1.0-SNAPSHOT-jar-with-dependencies.jar log4j 2.13.0 ------------------------------------------------------------------------ Source: META-INF/maven/log4j/log4j/pom.xml JNDI-Class: JNDI Class Not Found Path= /usr/share/java/log4j.jar log4j Unknown ------------------------------------------------------------------------ Sample error file: (/usr/local/qualys/cloud-agent/log4j_findings.stderr) scanning started for log4j jar Thu Dec 16 17:47:36 IST 2021 Run status : Success